Vendor: Spider Calendar Lite
By: Ihsan Sencan
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Spider Calendar Lite
Affected Version From: 3.2.16
Affected Version To: 3.2.16
Patch Exists: NO
Related CWE: N/A
CPE: a:web_dorado:spider_calendar_lite
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Joomla! Component Spider Calendar Lite v3.2.16 – SQL Injection

An SQL injection vulnerability exists in the Joomla! component Spider Calendar Lite v3.2.16. The component does not sufficiently validate user-supplied request parameters before using them in database queries, so an attacker who sends a specially crafted HTTP request can inject SQL into those queries, which can allow the attacker to bypass authentication and gain access to unauthorized data.

Mitigation:

Developers should validate all user-supplied input so that only expected data (for example, an integer value for a numeric identifier) reaches the application, and should build database queries with parameterized queries (prepared statements) rather than string concatenation, which prevents SQL injection regardless of the input's content.

Exploit-DB raw data:

# # # # # 
# Exploit Title: Joomla! Component Spider Calendar Lite v3.2.16 - SQL Injection
# Google Dork: inurl:index.php?option=com_spidercalendar
# Date: 16.02.2017
# Vendor Homepage: http://web-dorado.com/
# Software Buy: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/spider-calendar-lite/
# Demo: http://demo.web-dorado.com/spider-calendar.html
# Version: 3.2.16
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_spidercalendar&view=spidercalendar&calendar_id=[SQL]
# http://localhost/[PATH]/index.php?option=com_spidercalendar&view=spidercalendar&calendar_id=1&module_id=92&date92=2017-02-3&cat_ids=&Itemid=[SQL]
# Etc...
# # # # #
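As an added defender-side example (not part of the Exploit-DB entry and not the component's own code), the following Python check scans web-server access-log lines for requests to com_spidercalendar whose calendar_id or Itemid parameters, the injection points named above, carry anything other than a plain integer. The combined log format, the constructed sample lines and the ten-digit limit are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Numeric id parameters the advisory names as injection points in the
# com_spidercalendar URLs; anything but a short run of digits is an alert.
INT_PARAMS = ("calendar_id", "Itemid")

# Apache/nginx combined log format; the constructed sample lines follow it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def check_request(target):
    """Return (param, decoded value) pairs for com_spidercalendar requests
    whose numeric id parameters carry something other than digits."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if qs.get("option") != ["com_spidercalendar"]:
        return []  # other components are out of scope for this rule
    return [(name, value) for name in INT_PARAMS for value in qs.get(name, [])
            if not re.fullmatch(r"\d{1,10}", value)]

def scan_log(lines):
    """Run check_request over access-log lines; one alert per bad parameter."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        for param, value in check_request(m.group("target")):
            alerts.append({"ip": m.group("ip"), "ts": m.group("ts"),
                           "status": int(m.group("status")),
                           "param": param, "value": value})
    return alerts

# Constructed sample log lines (not real traffic): a benign request, two with
# non-numeric ids on the vulnerable component, one on another component.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Feb/2017:10:01:12 +0000] "GET /index.php?option=com_spidercalendar&view=spidercalendar&calendar_id=1&Itemid=101 HTTP/1.1" 200 4231 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Feb/2017:10:01:15 +0000] "GET /index.php?option=com_spidercalendar&view=spidercalendar&calendar_id=1%27 HTTP/1.1" 500 512 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [16/Feb/2017:10:02:40 +0000] "GET /index.php?option=com_spidercalendar&view=spidercalendar&calendar_id=1&module_id=92&Itemid=101abc HTTP/1.1" 200 4180 "-" "curl/7.52.1"',
    '198.51.100.2 - - [16/Feb/2017:10:03:01 +0000] "GET /index.php?option=com_content&id=1%27 HTTP/1.1" 200 900 "-" "curl/7.52.1"',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

The same check_request function can sit in front of the component as a request filter, rejecting any com_spidercalendar request it reports on before the query is ever built.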